(ISC)2 Introduces Expert-Level Cyber Forensics Certification

US and South Korea to Host First Examinations in Global Effort from (ISC)² to Establish Professional Standards for Advanced Cyber Forensics Competency

Clearwater, Fla., U.S.A., June 10, 2013 — (ISC)^2® ("ISC)-squared"), the world's largest not-for-profit information security professional body and administrators of the CISSP^® and CSSLP^®, today announced it has developed a new certification, the Certified Cyber Forensics Professional (CCFP^SM), as the first global standard for assessing experienced digital forensics professionals' mastery and professionalism. The credential, initially available for the U.S. and South Korea beginning September 25, 2013, is designed to provide digital forensics employers and the legal community with validation that a digital forensics professional can lead digital investigations that yield complete, accurate and reliable results.

The CCFP spans the digital forensics and information security disciplines. It reflects internationally accepted standards of practice, forensic techniques and procedures and the legal and ethical principles required of digital forensics professionals. The CCFP will provide employers with an objective measure of the kind of broad-based but deep knowledge required of today's experienced cyber forensics professionals.

As with all its credentials, (ISC)² conducted a job task analysis (JTA) study and exam development workshops to determine the scope and content of the CCFP credential program. Subject matter experts from the (ISC)² membership and organizations from Africa, Australia, Canada, Hong Kong, India, the Netherlands, Singapore, South Africa, South Korea, the United Kingdom and the United States contributed to develop the Common Body of Knowledge (CBK^®) that serves as the foundation for the credential, as well as the exam questions.

The CCFP provides multiple benefits to experienced cyber forensics professionals and to the organizations that employ them. For professionals, CCFP certification helps them to:

• Validate and enhance their standing as advanced cyber forensics professionals with a comprehensive, credible certification;
• Instill employer confidence in their abilities and expand career opportunities with a credential that confirms their current expertise, as well as their capacity to grow and evolve with the forensics industry;
• Perform international forensics investigations, knowing that their CCFP counterparts in other countries will be using a common globally recognized body of knowledge; and
• Pursue ongoing education covering the latest advances in digital forensics science through the (ISC)2 periodic recertification process.

For organizations, the CCFP offers:

• Confidence that their team has the knowledge and skills necessary to conduct forensically sound and accurate investigations and serve as undisputed experts in courts of law;
• An inherent screening tool and standardized measure of qualification to advance their digital forensics teams by hiring and promoting the most qualified professionals;
• Increased organizational integrity, credibility in the eyes of clients/stakeholders; and
• Peace of mind that their cyber forensics team is committed and capable of progressing with the forensics field through the CCFP's necessary Continuing Professional Education (CPE) requirements.

"Digital forensics professionals are becoming more and more essential to the security posture of any organization," said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)². "The CCFP is a comprehensive, expert-level program that fills a significant void in the digital forensics certification market by validating the depth of senior-level professionals' experience and expertise. It assures credential holders have the necessary breadth and depth of knowledge and thinking skills needed to address today's complex cyber forensic challenges. We are pleased to have collaborated with luminaries from our membership and leading digital forensics organizations around the world, such as the American Academy of Forensics Sciences and the Korea Cyber Forensics Association, to build a credential unique to the forensics market in its complexity at the expert level. In particular, this certification would not have been possible without the help of Dr. Jae-Woo Lee, Fellow of (ISC)², CISA, CISM, the chair professor for Graduate School of International Affairs and Information, Dongguk University in South Korea, president of the Korea Cyber Forensics Professional Association and co-chair of the
(ISC)² Asian Advisory Board. I want to thank him personally for his vision, leadership and wisdom, which have made this credential a reality."

Availability and Eligibility

To attain the CCFP, applicants must hold a four-year degree leading to a Baccalaureate, or regional equivalent, and have at least three years of full-time, professional experience in digital forensics or IT security in three out of the six domains of the credential. Those not holding a degree must have six years of full-time digital forensics or IT security work experience in three out of the six domains of the credential OR an alternate forensics certification approved by the (ISC)² and five years of full-time digital forensics or IT security experience in three out of the six domains of the credential. All candidates must be able to demonstrate capabilities in each of the six CBK domains:

• Legal & Ethical Principles
• Investigations
• Forensic Science
• Digital Forensics
• Application Forensics
• Hybrid & Emerging Technologies

Candidates may find more information about CCFP, download the exam outline and register for the exam at https://www.isc2.org/ccfp.  

Glenn S. Dardick, director of the Association for Digital Forensics, Security and Law (ADFSL), commented, "Today, it would seem obvious that it is no longer a question of if but when a system or network will be breached. The severity and implications of such breaches – scope, financial, legal, etc. – may well rely not only on how well the risks have been mitigated but on how well the resulting costs have been minimized. While protecting the systems and networks have traditionally been viewed as the domain of information systems security, the incident response costs have often depended on the domain of cyber forensics and the ability to determine the cause and extent of such breaches. The domains of information systems security and cyber forensics have long overlapped and have now become interdependent in that they are most effective when professionals are knowledgeable and certified to be proficient in both of those domains."

"Employing forensics professionals that hold the credibility of a globally accepted and comprehensive certification like (ISC)²'s CCFP provides a strategic advantage for public and private organizations alike," said Ken Zatyko, Assured Information Security's vice president of Maryland Operations. "The CCFP validates that their forensics team has a very specialized skillset that empowers them to lead investigations with expertise and accuracy and can act as trusted advisors to other teams throughout the organization."

"The field of digital and multimedia forensics is playing an increasingly important role in the public sector, with government prosecutors relying on digital forensics experts to collect, analyze and present evidence in support of criminal cases as well as organized crime investigations," said Dan Ryan, attorney at law, (ISC)² forensics advisor and former professor of cyberlaw at the National Defense University. "As cyber warfare proliferates, government agencies rely on forensics data to attribute accurately an attack and hold the attackers accountable," he adds. "A skilled forensics professional can make all the difference in solving counterterrorism cases or identifying actors who have stolen sensitive information."

®2013, (ISC)² Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks of (ISC)², Inc.